<?php
ob_start();
session_start();
include("dbinfo.inc.php");
$con = mysql_connect(localhost,$username,$password);
@mysql_select_db($database, $con) or die( "Unable to select database"); 

$uName=$_POST['userName'];
$pw=$_POST['password'];

$uName = stripslashes($uName);
$pw = stripslashes($pw);
$uName = mysql_real_escape_string($uName);
$pw = mysql_real_escape_string($pw);

$query = "
SELECT * FROM Account WHERE userName='$uName' and password=MD5('$pw')";
$result = mysql_query($query);
/*if (!$result) {
  echo "Error selecting Account: " . mysql_error();
  die("");
}
$count = mysql_num_rows($result);

if ($count==1) {
  session_start();
  session_register('userName');
  header("Location: index.php");
}
else {
  echo "login fail";
}*/
$row = mysql_fetch_array($result);
if(($row['userName'] == $uName)&&($row['password'] == MD5($pw)))
    {
        $_SESSION['userName'] = $row['userName'];
        
        if($row['admin'] == "yes"){
            $_SESSION['admin'] = $row['admin'];
        }
        session_write_close();
        header("Location: index.php");
    }
else
    {
        echo "login fail";
    }
mysql_close();
ob_flush();
?> 
